GHSA-r4mw-gxf7-vxr9

Source
https://github.com/advisories/GHSA-r4mw-gxf7-vxr9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r4mw-gxf7-vxr9/GHSA-r4mw-gxf7-vxr9.json
Aliases
Published
2022-05-24T17:06:16Z
Modified
2023-11-08T04:01:54.701330Z
Details

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

References

Affected packages

NuGet / Microsoft.WindowsDesktop.App.Ref

Package

Name
Microsoft.WindowsDesktop.App.Ref

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.1
Fixed
3.0.2

Affected versions

3.*

3.0.1

NuGet / Microsoft.WindowsDesktop.App.Ref

Package

Name
Microsoft.WindowsDesktop.App.Ref

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.WindowsDesktop.App.Runtime.win-x86

Package

Name
Microsoft.WindowsDesktop.App.Runtime.win-x86

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.2

Affected versions

3.*

3.0.0
3.0.1

NuGet / Microsoft.WindowsDesktop.App.Runtime.win-x86

Package

Name
Microsoft.WindowsDesktop.App.Runtime.win-x86

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.11

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10

NuGet / Microsoft.WindowsDesktop.App.Runtime.win-x64

Package

Name
Microsoft.WindowsDesktop.App.Runtime.win-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.2

Affected versions

3.*

3.0.0
3.0.1

NuGet / Microsoft.WindowsDesktop.App.Runtime.win-x64

Package

Name
Microsoft.WindowsDesktop.App.Runtime.win-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.11

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10